Add READ_ORG to the list of GitHub default OAuth 2.0 scopes The default GitHub scope without the extra permission to read someone's organisation membership is pretty much useless. GitHub without the read:org does not even give access to public information such as public organisations and teams, which are exposed over the internet for even anonymous users to browse. Change-Id: Ib0a70efd66c2de8a7fcb6e1399daa54761a6492c
diff --git a/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubLogin.java b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubLogin.java
index 1844251..6d04697 100644
--- a/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubLogin.java
+++ b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubLogin.java
@@ -48,7 +48,7 @@
 private static final long serialVersionUID = 1L;
 private static final Logger log = LoggerFactory.getLogger(GitHubLogin.class);
 private static final List<Scope> DEFAULT_SCOPES = Arrays.asList(
- Scope.PUBLIC_REPO, Scope.USER_EMAIL);
+ Scope.PUBLIC_REPO, Scope.USER_EMAIL, Scope.READ_ORG);
 private static final long SCOPE_COOKIE_NEVER_EXPIRES = DAYS
 .toSeconds(50 * 365);
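Review bot: Adding `Scope.READ_ORG` to `DEFAULT_SCOPES` widens the token that every login requests, and nothing next to the list records why the wider grant is needed. On GitHub, `read:org` covers organisation and team membership, including memberships a user keeps private, so the stored token becomes more sensitive and the consent prompt changes for all users, not only on sites that rely on organisation data. I would add a comment above the list such as `// READ_ORG: required to read organisation and team membership; keep this default set minimal`, and consider letting sites that do not need membership data leave it out through configuration. The context lines also show a scope cookie that never expires, so users holding an earlier scope selection may not pick up the new default; that handling is outside this hunk and worth confirming.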